#!/bin/bash
#
#	/etc/rc.d/init.d/cryptostuff
#
# Sets up basic disk encryption
#
# chkconfig: 2345 01 99
# description: Initiates swap on an encrypted device; mounts /tmp and /var/tmp as tmpfs
# Hacked together by Troels Arvin <troels@arvin.dk>

SWAP_DEV=/dev/hda3
SWAP_MAPPED=/dev/mapper/swap
SWAP_NAME=swap

# Source function library.
. /etc/rc.d/init.d/functions

servicename=cryptostuff
RETVAL=0

#
# See how we were called.
#

bail_out() {
    echo "Error: $1; exiting"
    exit 1
}

start() {
	echo -n $"Setting up encrypted swap: "
    if [ ! -e $SWAP_MAPPED ]; then
        cryptsetup -d /dev/random create $SWAP_NAME $SWAP_DEV || bail_out "Couldn't setup randomly encrypted swap device"
        mkswap $SWAP_MAPPED || bail_out "Couldn't create swap partition on encrypted device"
    fi

    if (swapon -s | fgrep -q $SWAP_MAPPED); then
        echo -n $"Swap already mounted"
        echo_success
    else
        if (swapon $SWAP_MAPPED); then
	        echo_success
        else
            echo_failure
            RETVAL=1
        fi
    fi
	echo

	echo -n $"Setting up /tmp and /var/tmp, if not already active: "
    if ! grep -q '^tmpfs[[:blank:]]\+/tmp' /etc/fstab; then
        echo 'tmpfs /tmp tmpfs defaults 0 0' >> /etc/fstab
    fi
    if ! grep -q '^tmpfs[[:blank:]]\+/tmp' /proc/mounts; then
        mount /tmp
    fi
    chmod 01777 /tmp
    [ -d /tmp/var ] || mkdir /tmp/var
    chmod 01777 /tmp/var
    ls -dZ /tmp | fgrep -q ':tmp_t' || chcon -R system_u:object_r:tmp_t /tmp
    mount | grep -q '^/tmp/var on /var/tmp' || mount --bind /tmp/var /var/tmp

    echo
    [ $RETVAL -eq 0 ] && echo_success
    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$servicename
	return $RETVAL
}

stop() {
	echo -n $"Stopping basic disk encryption: "

    umount /var/tmp
    umount /tmp

    if (swapon -s | fgrep -q $SWAP_MAPPED); then
        if swapoff $SWAP_MAPPED; then
            cryptsetup remove $SWAP_NAME || echo "Warning: Couldn't perform 'cryptsetup remove'"
        else
            bail_out "Couldn't perform swapoff(!)"
        fi
    else
        echo -n "Not mounted"
    fi

	if [ $RETVAL -eq 0 ]; then
        echo_success
    else
        echo_failure
    fi

	echo
    [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$servicename
    return $RETVAL
}


restart() {
	stop
	start
}	

case "$1" in
start)
	start
	;;
stop)
	stop
	;;
restart)
	restart
	;;
condrestart)
	if [ -f /var/lock/subsys/$servicename ]; then
	    restart
	fi
	;;
status)
	;;
*)
	echo $"Usage: $0 {start|stop|status|restart|condrestart}"
	exit 1
esac

exit $RETVAL